tcpwrapper hassle

[Edin Dizdarevic <edind () gmx de>]

Hello list,

what I experienced recently was a huge flat ground /16 network with many 
 nodes using tcpwrapper. Some of them were simply showing almost all 
ports open which just took a lot, I mean _really_ lots of time to scan.

First of all I did not expect so many nodes the customer neither - and 
then (before writing down the scan(!)) nmap crashed a few times 
consuming 2GB ram.

Is there any other, smarter approach than it was mine - I assume there 
is - to cope with such stuff?

The facts/prerequisites for the job were:

* Sensitive environment, no aggressive scans allowed but T4 was fine
* /16 Network, unknown number of nodes (it came out 1500)
* Full TCP and UDP scan with service and OS recognition required
* Many systems showing almost all TCP ports open (tcpwrapped)

The hints I found in the nmap book about speeding up TCP and UDP scans 
were extremely helpful but in this case it did not help me that much at 
the end of the day. (But nice book... ;-))

Regards,
Edin
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/